Latest Articles

Cisco Buffer Overflow, DDoS Flaws Revealed

[img_assist|nid=2841|title=|desc=|link=none|align=left|width=100|height=100]Cisco has discovered a buffer overflow in version 2.6 of CiscoWorks Internetwork Performance Monitor (IPM) and previous versions for Windows; the flaw allows attackers to compromise vulnerable systems remotely, as well as a DDos flaw in Cisco IOS XR. Read the full article. [The H Security]

Read more...

Mozilla Ships Security Goodies in Firefox 3.6 Update

[img_assist|nid=2838|title=|desc=|link=none|align=right|width=100|height=100]Mozilla
has released the latest iteration of its flagship Firefox browser with
a few significant security goodies to keep malicious hacker at bay. The update, which is being shipped via the browser’s automatic
update mechanism, includes new features to patch third-party Firefox
plug-ins and lock out rogue add-ons.

Read more...

Easy Passwords Found In RockYou Data Leak

[img_assist|nid=2829|title=|desc=|link=none|align=left|width=100|height=100]Analysis of the 32 million passwords recently exposed in the breach of
social media application developer RockYou last month provides further
proof that consumers routinely use easy to guess login credentials. Read the full article. [The Register]

Read more...

Microsoft Confirms Unpatched Windows Kernel Flaw

Categories: Vulnerabilities

One day after a Google security researcher releases code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 (1993) up to and including Windows 7 (2009) — Microsoft has released a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks.

Read more...

Aurora Attack Malware Components May Be Four Years Old

Categories: Malware, Vulnerabilities

[img_assist|nid=2812|title=|desc=|link=none|align=right|width=100|height=100]Although the first known attacks using the Aurora malware that compromised Google weren’t discovered until late last year, some parts of the malware codebase has been in existence in China for nearly four years, raising questions about how many other attacks it might have been used in during that time frame.

Read more...

Emergency IE Patch Coming on January 21

[img_assist|nid=2806|title=|desc=|link=none|align=left|width=100|height=100]This is just a quick heads-up that the emergency security patch for Microsoft’s Internet Explorer will be released tomorrow (January 21, 2009).The update, rated critical for all versions of IE, will cover a remote code execution flaw that has already been used in targeted attacks against U.S. companies, including Google and Adobe.

Read more...

Tom Kellermann on Google and Howard Schmidt’s Priorities

Categories: Compliance, Podcasts

[img_assist|nid=2827|title=|desc=|link=none|align=right|width=67|height=100]Dennis Fisher talks with Tom Kellermann of Core Security about the Google attack, the priorities for new cyber coordinator Howard Schmidt and the economic and political realities of advanced persistent threats.

Read more...